
Practical steps to evaluate and protect Secure Boot

Author: Riscure Team

In recent years Secure Boot, a critical security element of any computer system, has become a popular target for malicious attacks. As such, securing the boot code through verification and integrity control has become crucial in order to protect both manufacturers and consumers. The wide variety of embedded platforms, each with its own implementation details for the Secure Boot process, gives an attacker many opportunities to find a weakness, so the chance of a successful attack is high.

This research is also available in the form of slides and a video from BlackHat Europe 2016. They are available here.

Riscure has vast experience in analyzing the security of embedded systems and has been evaluating Secure Boot implementations for more than 10 years. On average, 90% of security implementations are found to be vulnerable during the first stage of evaluation. This whitepaper analyzes the most common ways to attack Secure Boot and explains how Riscure can assist in protecting at-risk devices.

Common Weaknesses

The most common threats to Secure Boot can be divided into two categories: logical threats (e.g., design error, service backdoor, driver weakness) and hardware threats (e.g., race condition, selectable boot source, fault injection). Logical attacks are more common but easier to resolve, while physical attacks are rarer, since they require more effort from an attacker, but can render all devices in circulation insecure. However, it is common for attacks to combine the two, or to use one to find a weakness in the other. Therefore, a proper security evaluation offers an independent view of the entire application.

Fault Injection attacks

Due to its complexity, fault injection can be considered an ‘elite’ attack, but it has often been overlooked in favor of simpler logical weaknesses. Fault injection works by introducing glitches into the hardware by different means, such as light or timing. Riscure believes that as time progresses and adversaries become better at fault injection, these ‘elite’ attacks will become more common. Riscure therefore recommends three methods to mitigate hardware and software threats.

  1. Test in a lab
  2. Embrace secure programming methods
  3. Introduce countermeasures
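As an added illustration (not code from the Riscure whitepaper), the C fragment below contrasts an unhardened boot decision with the kind of glitch-resistant coding that the second and third recommendations point at. The verdict constants and the two-verdict calling convention are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Verdict patterns with a large Hamming distance from each other and from
 * 0/1, so one flipped bit cannot turn FAIL into OK (constants are assumed). */
#define VERDICT_OK   0xA5C33CA5u
#define VERDICT_FAIL (~VERDICT_OK)   /* bitwise complement of VERDICT_OK */

typedef enum { BOOT_DENY = 0, BOOT_ALLOW = 1 } boot_action_t;

/* Typical unhardened form: a boolean verdict and one branch. If a glitch
 * corrupts 'ok' to any nonzero value, the check fails open. */
boot_action_t decide_naive(int ok)
{
    if (ok) {
        return BOOT_ALLOW;
    }
    return BOOT_DENY;
}

/* Hardened form. The caller is assumed to run the signature check twice and
 * pass both verdicts. Boot is allowed only when both copies agree and carry
 * the exact OK pattern; the repeated tests mean no single skipped check decides. */
boot_action_t decide_hardened(uint32_t verdict, uint32_t verdict_copy)
{
    if ((verdict ^ verdict_copy) != 0u) {
        return BOOT_DENY;                 /* copies disagree */
    }
    if (verdict != VERDICT_OK) {
        return BOOT_DENY;                 /* full pattern, not just nonzero */
    }
    if (verdict_copy != VERDICT_OK) {
        return BOOT_DENY;                 /* redundant re-test on the copy */
    }
    if ((verdict ^ VERDICT_FAIL) != 0xFFFFFFFFu) {
        return BOOT_DENY;                 /* must be the exact complement of FAIL */
    }
    return BOOT_ALLOW;
}

/* Digest comparison with no early exit: every byte is folded into 'diff',
 * so there is no single loop-exit branch whose outcome decides the result. */
uint32_t verify_digest(const uint8_t *got, const uint8_t *ref, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(got[i] ^ ref[i]);
    }
    return (diff == 0) ? VERDICT_OK : VERDICT_FAIL;
}
```

The naive decision lets any corrupted nonzero verdict through, while the hardened one refuses every state except the exact, doubly confirmed OK pattern.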
